MyFitnessPal Security Breach: Change your password!
It uses a higher level of encryption, requires two-factor authentication, and the password requirements are very stringent (i.e., you must pick a password at least 15 characters long, it has to have numbers, symbols, letters, and capitalization, etc.). You cannot use anything that is associated with your data (i.e., any part of your birthdate, name, username, etc.).
A note for MFP: they actually stored a fair number of their passwords in plain text (even though they mention hashing in their security memo), and none of them were even case sensitive.
The link below shows you how a truly secure password can save you from a brute-force attack (someone systematically guessing your password).
https://www.password-depot.com/know-how/brute-force-attacks.htm
VSG: 1/17/17
5'7" HW: 283 SW: 229 CW: 135-140 GW: 145
Pre-op: 53 M1: 22 M2: 12 M3: 12 M4: 8 M5: 10 M6: 11 M7: 5 M8: 6 M9-M13: 15-ish
LBL/BL w/ Fat Transfer 1/29/18
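The password rules listed in the post above (at least 15 characters, mixed character classes, nothing taken from the account's personal data) and the hashed storage it contrasts with plain text, as an added example that is not part of the original post or any site's own code. The function names, the sample account data, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made here; the thread names no algorithm.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 15        # minimum length quoted in the post
ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256

def policy_violations(password, personal_data):
    """Return the rules from the post that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    lowered = password.lower()
    for item in personal_data:
        # Match personal data regardless of case; skip fragments under 3 chars.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal data: " + item)
    return problems

def hash_password(password, salt=None):
    """Derive a salted hash; the server stores only (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(candidate, salt, digest):
    """Recompute the hash and compare in constant time; case is significant."""
    _, check = hash_password(candidate, salt)
    return hmac.compare_digest(check, digest)

if __name__ == "__main__":
    # Constructed sample account data, not taken from the thread.
    personal = ["jordan", "1984", "jordanfit84"]
    print(policy_violations("Jordanfit84!", personal))
    strong = "Tr0ub4dor&horse-Staple"
    print(policy_violations(strong, personal))
    salt, digest = hash_password(strong)
    print(verify_password(strong, salt, digest),
          verify_password(strong.lower(), salt, digest))
```

Because only the salt and digest are kept, a copied database does not hand over the password itself, and the lowercase variant of the same password fails verification.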
on 4/1/18 5:31 pm
After my identity theft problems late last year, I've become uber paranoid about passwords. Those asshats even managed to change my bank email and password, which would have required calling the bank and answering those random identifier questions gleaned from public records (streets you've lived on, counties lived in, banks who you have loans with, car payment amounts, family member names, etc.). They had no problem answering them because I'm 99% sure they had my Equifax report. I use OnePassword and change passwords frequently like I'm in witness protection!
on 4/2/18 3:55 pm
When I worked for a cellular company, at least 10 people a day used "password" or "password123" as their passcode for everything.
"What you eat in private, you wear in public." --- Kat
on 3/29/18 9:05 pm
I thought the same thing. There is nothing to take! I used the same password a couple other minor places though so I changed them all just to be safe.
This is kind of funny timing. I had to change my password because I couldn't remember it when I wanted to log in to the site on a different device. Yay for senior moments!
I woke up in between a memory and a dream...
Tom Petty
on 4/1/18 7:01 am
Well, they didn't get hashed passwords, they got your actual password. It's not really a big deal other than an information leak. They have an e-mail address with a used password they can try on many different websites. Lots of people reuse the same passwords, sadly. And for people who are paying members of MFP, they also collected their credit card information and bank information.
They will take the email addresses and passwords (which were plain text) and try them on different websites hoping people used the same ones. It's likely they will gain access to banking info or email that way.